How to implement BLE security?

From: Yy Bb
Date: Fri Nov 01 2019 - 20:18:25 EST


We implemented the communication between a Linux device and mobile app
via BLE. We are able to read and write data by using a free app "nRF
Connect".
Now we need to support BLE security. Basically our data is
sensitive. We want to protect our data from MITM. So we need to
support a reasonably high standard of security. It seems "Security
Mode 1, Level 3: Authenticated pairing with encryption" is what we
need. Our device doesn't support visual input. We use BlueZ, D-Bus
and Python3 on the Linux side.
But I have some practical questions:
1. For pairing, how do we support password protection? Is this
something only for the mobile app developer?
2. How do we know when pairing happens on the Linux side? Is there a
callback or notification we can use from BlueZ Python API?
3. How does data encryption work? Some mentioned AES-CMAC, others
mentioned AES-CCM. Which one should we use? Do we just need to
encrypt the data in Python on the Linux side and send it?

Thanks in advance!
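The following is an added example for questions 1 and 2 above; it is not code from the original post or from BlueZ itself. It registers an org.bluez.Agent1 pairing agent on the system bus and watches org.bluez.Device1 property changes, which is how a Python/D-Bus application on the Linux side learns that pairing happened (BlueZ has no dedicated "pairing done" callback; the observable facts are the Paired, Connected and ServicesResolved properties changing). It assumes bluetoothd with the standard org.bluez D-Bus API, the dbus-python package and GLib, and that the device can show a six-digit passkey to the user by some means other than a keyboard (a display, a log line during provisioning, LEDs). Under that assumption the agent registers with capability "DisplayOnly": paired with a phone that can type, the pairing method is Passkey Entry, which produces an authenticated key and therefore satisfies Security Mode 1 Level 3 (Level 4 with LE Secure Connections). The object path /example/agent is a hypothetical name chosen for this example. Regarding question 3: the application does not encrypt GATT payloads itself; once pairing has produced an LTK the controller encrypts the link with AES-CCM, while AES-CMAC is the MAC used inside the LE Secure Connections pairing procedure itself.

```python
"""Minimal BlueZ pairing agent plus pairing-state tracker (added example).

Assumed environment (not stated in the post): bluetoothd with the org.bluez
D-Bus API, dbus-python (module `dbus`) and GLib.  The D-Bus imports are done
lazily so PairingTracker and format_passkey can be exercised without them.
"""

AGENT_PATH = "/example/agent"       # hypothetical object path for this example
AGENT_CAPABILITY = "DisplayOnly"    # device can show a passkey, has no keyboard
BLUEZ = "org.bluez"
AGENT_IFACE = "org.bluez.Agent1"
AGENT_MGR_IFACE = "org.bluez.AgentManager1"
DEVICE_IFACE = "org.bluez.Device1"
PROPS_IFACE = "org.freedesktop.DBus.Properties"


def format_passkey(passkey):
    """BlueZ hands DisplayPasskey a uint32.  The user must see all six digits,
    leading zeros included, or the value typed on the phone will not match."""
    if not 0 <= passkey <= 999999:
        raise ValueError("passkey out of range")
    return "%06d" % passkey


class PairingTracker:
    """Turns org.bluez.Device1 PropertiesChanged signals into pairing events."""

    def __init__(self):
        self.paired = {}  # device object path -> last known Paired value

    def on_properties_changed(self, path, interface, changed):
        """Return a list of (event, device_path) for one PropertiesChanged."""
        events = []
        if interface != DEVICE_IFACE:
            return events                     # adapters etc. are not of interest
        if "Connected" in changed:
            state = "connected" if changed["Connected"] else "disconnected"
            events.append((state, path))
        if "Paired" in changed:
            was = self.paired.get(path, False)
            now = bool(changed["Paired"])     # dbus.Boolean -> bool
            self.paired[path] = now
            if now and not was:
                events.append(("paired", path))
            elif was and not now:
                events.append(("unpaired", path))
        if changed.get("ServicesResolved"):
            events.append(("services_resolved", path))
        return events


def build_agent(bus):
    """Create the Agent1 object and register it as the default agent."""
    import dbus
    import dbus.service

    class Rejected(dbus.DBusException):
        _dbus_error_name = "org.bluez.Error.Rejected"

    class Agent(dbus.service.Object):
        @dbus.service.method(AGENT_IFACE, in_signature="", out_signature="")
        def Release(self):
            pass

        @dbus.service.method(AGENT_IFACE, in_signature="ouq", out_signature="")
        def DisplayPasskey(self, device, passkey, entered):
            # Passkey Entry: we show the key, the phone user types it in.
            print("Show this passkey to the user:", format_passkey(int(passkey)))

        @dbus.service.method(AGENT_IFACE, in_signature="o", out_signature="u")
        def RequestPasskey(self, device):
            raise Rejected("no keyboard on this device")

        @dbus.service.method(AGENT_IFACE, in_signature="ou", out_signature="")
        def RequestConfirmation(self, device, passkey):
            # No yes/no button: refusing avoids silently accepting a MITM.
            raise Rejected("cannot confirm numeric comparison on this device")

        @dbus.service.method(AGENT_IFACE, in_signature="os", out_signature="")
        def AuthorizeService(self, device, uuid):
            pass                              # accept service access from paired peers

        @dbus.service.method(AGENT_IFACE, in_signature="", out_signature="")
        def Cancel(self):
            print("pairing cancelled by BlueZ")

    agent = Agent(bus, AGENT_PATH)
    manager = dbus.Interface(bus.get_object(BLUEZ, "/org/bluez"), AGENT_MGR_IFACE)
    manager.RegisterAgent(AGENT_PATH, AGENT_CAPABILITY)
    manager.RequestDefaultAgent(AGENT_PATH)
    return agent


def main():
    import dbus
    from dbus.mainloop.glib import DBusGMainLoop
    from gi.repository import GLib

    DBusGMainLoop(set_as_default=True)
    bus = dbus.SystemBus()
    tracker = PairingTracker()

    def on_props(interface, changed, invalidated, path=None):
        for event, dev in tracker.on_properties_changed(path, interface, changed):
            print(event, dev)

    bus.add_signal_receiver(on_props, dbus_interface=PROPS_IFACE,
                            signal_name="PropertiesChanged", path_keyword="path")
    build_agent(bus)
    GLib.MainLoop().run()


if __name__ == "__main__":
    main()
```

Note that Paired becoming true only tells you a bond exists, not at which security level the current link runs. To make bluetoothd enforce an authenticated, encrypted link for the sensitive characteristic, declare it with the "encrypt-authenticated-read" / "encrypt-authenticated-write" flags on the org.bluez.GattCharacteristic1 object; BlueZ then refuses access (and triggers pairing) for peers below that level, rather than the Python code deciding per request.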